Apache2-AuthenSecurID
4 results

 view release on metacpan or  search on metacpan

README  view on Meta::CPAN 

NAME
    Apache2::AuthenSecurID - Authentication via a SecurID server

SYNOPSIS
     # Configuration in httpd.conf or access.conf 

    PerlModule Apache2::AuthenSecurID

    <Location /secure/directory> AuthName SecurID AuthType Basic

     PerlAuthenHandler Apache2::AuthenSecurID

     PerlSetVar AuthCryptKey Encryption_Key 
     PerlSetVar AuthCookie Name_of_Authentication_Cookie 
     PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie 
     PerlSetVar AuthCookiePath /path/of/authentication/cookie
     PerlSetVar AuthCookieTimeOut 30 
     PerlSetVar Auth_Handler /path/of/authentication/handler

     require valid-user
    </Location>

DESCRIPTION
    This module allows authentication against a SecurID server. It detects
    whether a user has a valid encrypted cookie containing their username
    and last activity time stamp. If the cookie is valid the module will
    change the activity timestamp to the present time, encrypt and send the
    cookie. If the cookie is not valid the module will redirect to the
    authentication handler to prompt for username and passcode.

LIST OF TOKENS
    * AuthCryptKey
    The Blowfish key used to encrypt and decrypt the authentication cookie.
    It defaults to my secret if this variable is not set.

    * AuthCookie
    The name of the of cookie to be set for the authentication token. It
    defaults to SecurID if this variable is not set.

    * AuthUserCookie
    The name of the of cookie that contains the value of the persons
    username in plain text. This is checked against the contents of the
    encrypted cookie to verify user. The cookie is set of other applications
    can identify authorized users. It defaults to SecurID_User if this
    variable is not set.

    * AuthCookiePath
    The path of the of cookie to be set for the authentication token. It
    defaults to / if this variable is not set.

    * AuthCookieTimeOut
    The time in minute a cookie is valid for. It is not recommended to set
    below 5. It defaults to 30 if this variable is not set.

    * Auth_Handler
    The path of authentication handler. This is the URL which request with
    invalid cookie are redirected to. The handler will prompt for username
    and passcode. It does the actual authentication and sets the initial
    cookie. This mechanism is used instead of get_basic_auth_pw because
    get_basic_auth_pw will do multiple authentication attempt on pages that
    contain frames. The ACE server will deny simultaneous authentication
    attempts since it considers this a type of attack. It defaults to
    /ace_init if this variable is not set. Please see
    Apache2::AuthenSecurID::Auth to properly configure this functionality.

CONFIGURATION
    The module should be loaded upon startup of the Apache daemon. Add the
    following line to your httpd.conf:

     PerlModule Apache2::AuthenSecurID

PREREQUISITES
    For AuthenSecurID you need to enable the appropriate call-back hook when
    making mod_perl:

      perl Makefile.PL PERL_AUTHEN=1

    AuthenSecurID requires Crypt::Blowfish and Crypt::CBC.

SEE ALSO
    Apache, mod_perl, Authen::ACE Apache2::AuthenSecurID::Auth

AUTHORS
    * mod_perl by Doug MacEachern <dougm@osf.org>
    * Authen::ACE by Dave Carrigan <Dave.Carrigan@iplenergy.com>
    * Apache::AuthenSecurID by David Berk <dberk@lump.org>
    * mod_perl2 port and other modifications by Al Tobey <tobert@gmail.com>

COPYRIGHT
    The Apache2::AuthenSecurID module is free software; you can redistribute
    it and/or modify it under the same terms as Perl itself.

NAME
    Apache2::AuthenSecurID::Auth - Authentication handler for
    Apache2::AuthenSecurID

SYNOPSIS
     # Configuration in httpd.conf  

    <Location /path/of/authentication/handler> SetHandler perl-script
    PerlHandler Apache2::AuthenSecurID::Auth

       PerlSetVar AuthCryptKey Encryption_Key
       PerlSetVar AuthCookie Name_of_Authentication_Cookie
       PerlSetVar AuthUserCookie Name_of_Username_Authentication_Cookie
       PerlSetVar AuthCookiePath /path/of/authentication/cookie
       PerlSetVar AuthApacheCookie Apache_Cookie
       PerlSetVar ace_initd_server name.of.ace.handler.server.com
       PerlSetVar ace_initd_port 1969
    </Location>

DESCRIPTION
    This module allows authentication against a SecurID server. A request is
    redirected to this handler if the authentication cookie does not exist
    or is no longer valid. The handler will prompt for username and
    passcode. It will then construct and encrypt a UDP packet and send it to
    the Ace request daemon. This is necessary since libsdiclient.a needs to
    persist for NEXT TOKEN MODE and SET PIN MODE. If the authentication is
    valid an encrypted Authentication Cookie is set and the request is
    redirected to the originating URI. If the user needs to enter NEXT TOKEN
    or set their PIN they will be prompted to do so and if valid the request



( run in 0.750 second using v1.01-cache-2.11-cpan-df04353d9ac )